PornHub revamps bug bounty, back pays cash, hires staff, after criticism

Hackers get 'exclusive' PornHub tees


Pornhub is paying thousands of extra dollars to researchers who have already submitted vulnerabilities under its bug bounty program as part of an overhaul.

The adult megasite draws a blistering 60 million visitors a day and pays up to US$34,764 (£17,016, A$34,767) for the worst bugs and as little as US$50 for small vulnerabilities.

It has now upped the payments for various bugs since it launched the program earlier this month, and is retrospectively paying additional cash to researchers who have already submitted and been paid for flaws.

It says it has received thousands of submissions since the program launched.

Of those, some researchers criticised the site for paying too little for bugs, the most recent triggering a revamp of the amount of cash paid out for flaws.

PornHub told El Reg it is also immediately increasing its bug bounty staff numbers and responsiveness to reports.

"This is our first bug bounty program and it has been quite a learning experience for us," PornHub says.

"We have modified the payout table to better align with the other public bounty programs.

"We want to be fair with every researcher, and as such we have retroactively credited all past submissions according to the new payout table."

It has published a value chart so that researchers know how much a vulnerability class is worth, and added more detail to what bugs are in scope.

Its Premium service has also been included in the bug bounty, and all researchers who submitted bugs will now be paid.

Bug hunters will also be able to rock an exclusive Pornhub bug hunter T-shirt.

"Pornhub employees don't even have this shirt," the company says.

"We truly believe a successful bug bounty program requires happy and motivated researchers." ®

